Behind the Scenes: CISOs and the Intelligence Community

My job provides a forum for me to meet with leaders in information security across many companies. My recent meetings with Chief Information Security Officers (CISO) of some of the largest uncovered a trend that I thought was relevant to share. Many of these CISOs had a few things in common.

First, they were all relatively recent to the job – within two or three years. This is normal as the CISO position is a high pressure job and tends to turn over frequently. The other common element was their professional backgrounds. They all had previously worked for the Intelligence Community (IC).

Why would companies be recruiting and hiring information security executives from the Intelligence Community? The answer is in the intelligence discipline and how it applies to a holistic and effective security program.

Hiring the Intelligence Community

Intelligence as defined by the IC is “Collection, analysis, and production of sensitive information to support national security leaders, including policymakers, military commanders, and Members of Congress.” Intelligence is woven into the creation of offensive military strategy, governing policy, and defense. Our government uses information gathered and disseminated from the IC to decide which way to point the weapons, which policies to create around anti-terrorism and set the general direction as a country.

It is clear how we can apply intelligence to our security programs, then. Without intelligence, how does an organization test the efficacy of their security program? How does the information security department know what defenses to build and how much to spend on them? How would a CISO decide where to allocate his resources and prioritize focus? For instance, much of the security budget is spent on best of breed defense tools that keep companies from being the low hanging fruit – protecting from opportunistic attacks. Yet, if those same organizations are targeted by a nation state sponsored APT, perhaps that strategy would be adjusted accordingly.

Utilizing cyber intelligence as part of a security program can yield immediate benefits and even return on investment (ROI) if implemented correctly. Intelligence can drive focus toward the most important aspects of the security program, reinforce budget allocation, and test the efficacy of the overall security methodology at an organization. These data points are invaluable when communicating with company leadership, accenting the importance of the security program and spend, and setting the direction for the future of the program.

Fortunately for these large institutions with IC community veteran CISOs, they are heading down the right path. They are developing intelligence programs that fold into their overall security program. They are building out intelligence teams, hiring staff with expertise in the intel discipline. (This is fundamentally different than InfoSec.) For everyone else, though, this is likely out of reach. First, there are a limited number of IC community veterans available for CISO positions. Second, building out intel capability, an intel program and staff, is cost prohibitive for 90% of businesses. MasterCard benefits from these developments…they have made the investment. The local credit union could also benefit, if only they had the means.

What if you can’t afford an Intelligence Community veteran?

This is what we are trying to solve for at GroupSense. We believe that with the right technology, coupled with a stellar intelligence team, we can deliver the benefits of a full fledged intelligence program to Fortune 500 and the small regional manufacturer who can’t afford to hire Intelligence Community veterans.

Our software, TraceLight, is built to collect, structure, analyze, and enrich content from millions of sources. This allows us to deliver high fidelity, structured, enriched, intelligence data to our customers. This data comes with a highly trained and experienced analyst to support the consumption and instrumentation of this data.

Share this on

Recommended Stories

Contact us

We’re ready to lead you into the future of cyber intelligence.

GroupSense is here to provide you with more information, answer questions and help create an effective solution for your cyber intelligence needs. Whether you’re a potential customer, looking to partner, or a journalist, fill out this form and we’ll make sure the right person reaches out.

Call us

Address

Follow us

Terms and Conditions

INTRODUCTION

These Website Standard Terms and Conditions (these “Terms” or these “Website Standard Terms and Conditions”) contained herein on this webpage, shall govern your use of this website, including all pages within this website (collectively referredto herein below as this “Website”). These Terms apply in full force and effect to youruse of this Website and by using this Website, you expressly accept all terms and conditions contained herein in full. You must not use this Website, if you have any objection to any of these Website Standard Terms and Conditions.
This Website is not for use by any minors (defined as those who are not at least 18 years of age), and you must not use this Website if you a minor.

INTELLECTUAL PROPERTY RIGHTS

Other than content you own, which you may have opted to include on this Website, under these Terms, GroupSense and/or its licensors own all rights to the intellectual property and material contained in this Website, and all such rights are reserved.
You are granted a limited license only, subject to the restrictions provided in these Terms, for purposes of viewing the material contained on this Website,

RESTRICTIONS

You are expressly and emphatically restricted from all of the following:

4. Using this Website in any way that is, or may be, damaging to this Website;

5. Using this Website in any way that impacts user access to this Website;

6. Using this Website contrary to applicable laws and regulations, or in a way
that causes, or may cause, harm to the Website, or to any person or business
entity;

7. Engaging in any data mining, data harvesting, data extracting or any other
similar activity in relation to this Website, or while using this Website;

8. Using this Website to engage in any advertising or marketing;

Certain areas of this Website are restricted from access by you and GroupSense may further restrict access by you to any areas of this Website, at any time, in its sole and absolute discretion. Any user ID and password you may have for this Website are confidential and you must maintain confidentiality of such information.

YOUR CONTENT

In these Website Standard Terms and Conditions, “Your Content” shall mean any audio, video, text, images or other material you choose to display on this Website. With respect to Your Content, by displaying it, you grant GroupSense a non-exclusive, worldwide, irrevocable, royalty-free, sublicensable license to use, reproduce, adapt, publish, translate and distribute it in any and all media. Your Content must be your own and must not be infringing on any third party’s
rights. GroupSense reserves the right to remove any of Your Content from this Website at any time, and for any reason, without notice.

NO WARRANTIES

This Website is provided “as is,” with all faults, and GroupSense makes no express or implied representations or warranties, of any kind related to this Website or the materials contained on this Website. Additionally, nothing contained on this Website shall be construed as providing consult or advice to you.

LIMITATION OF LIABILITY

In no event shall GroupSense, nor any of its officers, directors and employees, be liable to you for anything arising out of or in any way connected with your use of this Website, whether such liability is under contract, tort or otherwise, and GroupSense, including its officers, directors and employees shall not be liable for any indirect, consequential or special liability arising out of or in any way related to your use of this Website.

INDEMINIFICATION

You hereby indemnify to the fullest extent GroupSense from and against any and all liabilities, costs, demands, causes of action, damages and expenses (including reasonable attorney’s fees) arising out of or in any way related to your breach of any of the provisions of these Terms.

SEVERABILITY

If any provision of these Terms is found to be unenforceable or invalid under any applicable law, such unenforceability or invalidity shall not render these Terms unenforceable or invalid as a whole, and such provisions shall be deleted without affecting the remaining provisions herein.

VARIATION OF TERMS

GroupSense is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review such Terms on a regular basis to ensure you understand all terms and conditions governing use of this Website.

ASSIGNMENT

GroupSense shall be permitted to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification or consent required. However, you shall not be permitted to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.

ENTIRE AGREEMENT

These Terms, including any legal notices and disclaimers contained on this Website, constitute the entire agreement between GroupSense and you in relation to your use of this Website, and supersede all prior agreements and understandings with respect to the same.

GOVERNING LAW AND JURISDICTION

These Terms will be governed by and construed in accordance with the laws of the State of Virginia, and you submit to the non-exclusive jurisdiction of the state and federal courts located in Virginia for the resolution of any disputes.
​

Privacy Policy

THIRD-PARTY WEBSITES

The Site may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, youshould inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.

SECURITY OF YOUR INFORMATION

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and nomethod of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

POLICY FOR CHILDREN

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. If you set the DNT signal on your browser, we will respond to such DNT browser signals.

CALIFIORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendaryear. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information
provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Site, you have the right to request removal of unwanted data that you publicly post on the Site. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Site, but please be aware that the data nay not be completely or comprehensively removed from our systems.

CONTACT US

If you have questions or comments about this Privacy Policy, please contact us at: